Цены Enterprise

CVE-2023-24162

9.8CRITICAL

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

Опубликовано: 1/31/2023Обновлено: 3/27/2025

Посмотреть на NVD Посмотреть на MITRE

Описание

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter.

ИИ-АнализНа базе ИИ

Затронутые продукты

hutoolhutool

5.8.11

Ссылки

https://gitee.com/dromara/hutool/issues/I6AEX2
ExploitThird Party Advisory
https://github.com/dromara/hutool/issues/2855
ExploitThird Party Advisory
https://gitee.com/dromara/hutool/issues/I6AEX2
ExploitThird Party Advisory
https://github.com/dromara/hutool/issues/2855
ExploitThird Party Advisory